GAO: HHS Has Not Implemented Critical Cyber Recommendations

Over the last four years, the Government Accountability Office has made hundreds of recommendations to the Department of Health and Human Services for improving its operations that have not been implemented.

In a March 28 letter and report sent to HHS, GAO notes that among dozens of unimplemented "high priority" recommendations are four on health information technology and cybersecurity.

"The nation's critical infrastructure provides the essential services - including healthcare - that underpin American society. The infrastructure relies extensively on computerized systems and electronic data to support its missions," GAO writes. "However, serious cybersecurity threats to the infrastructure continue to grow and represent a significant national security challenge. Additionally, recent data breaches have highlighted the importance of ensuring the security of health information, including Medicare beneficiary data."